android: use SAF for storing Taildropped files

Use Android Storage Access Framework for receiving Taildropped files.

-Add a picker to allow users to select where Taildropped files go
-If no directory is selected, internal app storage is used
-Provide SAF API for Go to use when writing and renaming files
-Provide Android FileOps implementation

Updates tailscale/tailscale#15263

Signed-off-by: kari-ts <[email protected]>

Author: kari-ts

android/src/main/java/com/tailscale/ipn/App.kt

@@ -13,8 +13,8 @@ import android.content.IntentFilter
 import android.content.SharedPreferences
 import android.content.pm.PackageManager
 import android.net.ConnectivityManager
+import android.net.Uri
 import android.os.Build
-import android.os.Environment
 import android.util.Log
 import androidx.core.app.ActivityCompat
 import androidx.core.app.NotificationCompat
@@ -35,6 +35,7 @@ import com.tailscale.ipn.ui.notifier.Notifier
 import com.tailscale.ipn.ui.viewModel.VpnViewModel
 import com.tailscale.ipn.ui.viewModel.VpnViewModelFactory
 import com.tailscale.ipn.util.FeatureFlags
+import com.tailscale.ipn.util.ShareFileHelper
 import com.tailscale.ipn.util.TSLog
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -58,6 +59,8 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
 
   companion object {
     private const val FILE_CHANNEL_ID = "tailscale-files"
+    // Key to store the SAF URI in EncryptedSharedPreferences.
+    private val PREF_KEY_SAF_URI = "saf_directory_uri"
     private const val TAG = "App"
     private lateinit var appInstance: App
 
@@ -149,17 +152,13 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
   }
 
   private fun initializeApp() {
-    val dataDir = this.filesDir.absolutePath
-
-    // Set this to enable direct mode for taildrop whereby downloads will be saved directly
-    // to the given folder.  We will preferentially use <shared>/Downloads and fallback to
-    // an app local directory "Taildrop" if we cannot create that.  This mode does not support
-    // user notifications for incoming files.
-    val directFileDir = this.prepareDownloadsFolder()
-    app = Libtailscale.start(dataDir, directFileDir.absolutePath, this)
-    Request.setApp(app)
-    Notifier.setApp(app)
-    Notifier.start(applicationScope)
+    // Check if a directory URI has already been stored.
+    val storedUri = getStoredDirectoryUri()
+    if (storedUri != null && storedUri.toString().startsWith("content://")) {
+      startLibtailscale(storedUri.toString())
+    } else {
+      startLibtailscale(this.getFilesDir().absolutePath)
+    }
     healthNotifier = HealthNotifier(Notifier.health, Notifier.state, applicationScope)
     connectivityManager = this.getSystemService(Context.CONNECTIVITY_SERVICE) as ConnectivityManager
     NetworkChangeCallback.monitorDnsChanges(connectivityManager, dns)
@@ -204,6 +203,18 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     FeatureFlags.initialize(mapOf("enable_new_search" to true))
   }
 
+  /**
+   * Called when a SAF directory URI is available (either already stored or chosen). We must restart
+   * Tailscale because directFileRoot must be set before LocalBackend starts being used.
+   */
+  fun startLibtailscale(directFileRoot: String) {
+    ShareFileHelper.init(this, directFileRoot)
+    app = Libtailscale.start(this.filesDir.absolutePath, directFileRoot, this)
+    Request.setApp(app)
+    Notifier.setApp(app)
+    Notifier.start(applicationScope)
+  }
+
   private fun initViewModels() {
     vpnViewModel = ViewModelProvider(this, VpnViewModelFactory(this)).get(VpnViewModel::class.java)
   }
@@ -246,6 +257,11 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
         EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM)
   }
 
+  fun getStoredDirectoryUri(): Uri? {
+    val uriString = getEncryptedPrefs().getString(PREF_KEY_SAF_URI, null)
+    return uriString?.let { Uri.parse(it) }
+  }
+
   /*
    * setAbleToStartVPN remembers whether or not we're able to start the VPN
    * by storing this in a shared preference. This allows us to check this
@@ -309,29 +325,6 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     return sb.toString()
   }
 
-  private fun prepareDownloadsFolder(): File {
-    var downloads = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS)
-
-    try {
-      if (!downloads.exists()) {
-        downloads.mkdirs()
-      }
-    } catch (e: Exception) {
-      TSLog.e(TAG, "Failed to create downloads folder: $e")
-      downloads = File(this.filesDir, "Taildrop")
-      try {
-        if (!downloads.exists()) {
-          downloads.mkdirs()
-        }
-      } catch (e: Exception) {
-        TSLog.e(TAG, "Failed to create Taildrop folder: $e")
-        downloads = File("")
-      }
-    }
-
-    return downloads
-  }
-
   @Throws(
       IOException::class, GeneralSecurityException::class, MDMSettings.NoSuchKeyException::class)
   override fun getSyspolicyBooleanValue(key: String): Boolean {

android/src/main/java/com/tailscale/ipn/MainActivity.kt

@@ -10,17 +10,21 @@ import android.content.Context
 import android.content.Intent
 import android.content.RestrictionsManager
 import android.content.pm.ActivityInfo
+import android.content.pm.PackageManager
 import android.content.res.Configuration.SCREENLAYOUT_SIZE_LARGE
 import android.content.res.Configuration.SCREENLAYOUT_SIZE_MASK
 import android.net.ConnectivityManager
 import android.net.NetworkCapabilities
+import android.net.Uri
 import android.os.Build
 import android.os.Bundle
+import android.os.Process
 import android.provider.Settings
 import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
 import androidx.activity.result.ActivityResultLauncher
 import androidx.activity.result.contract.ActivityResultContract
+import androidx.activity.result.contract.ActivityResultContracts
 import androidx.annotation.RequiresApi
 import androidx.browser.customtabs.CustomTabsIntent
 import androidx.compose.animation.core.LinearOutSlowInEasing
@@ -88,8 +92,13 @@ import kotlinx.coroutines.cancel
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.launch
+import libtailscale.Libtailscale
+import java.io.IOException
+import java.security.GeneralSecurityException
 
 class MainActivity : ComponentActivity() {
+  // Key to store the SAF URI in EncryptedSharedPreferences.
+  val PREF_KEY_SAF_URI = "saf_directory_uri"
   private lateinit var navController: NavHostController
   private lateinit var vpnPermissionLauncher: ActivityResultLauncher<Intent>
   private val viewModel: MainViewModel by lazy {
@@ -149,6 +158,49 @@ class MainActivity : ComponentActivity() {
         }
     viewModel.setVpnPermissionLauncher(vpnPermissionLauncher)
 
+    val directoryPickerLauncher =
+        registerForActivityResult(ActivityResultContracts.OpenDocumentTree()) { uri: Uri? ->
+          if (uri != null) {
+            try {
+              // Try to take persistable permissions for both read and write.
+              contentResolver.takePersistableUriPermission(
+                  uri,
+                  Intent.FLAG_GRANT_READ_URI_PERMISSION or Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+            } catch (e: SecurityException) {
+              TSLog.e("MainActivity", "Failed to persist permissions: $e")
+            }
+
+            // Check if write permission is actually granted.
+            val writePermission =
+                this.checkUriPermission(
+                    uri, Process.myPid(), Process.myUid(), Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
+            if (writePermission == PackageManager.PERMISSION_GRANTED) {
+              TSLog.d("MainActivity", "Write permission granted for $uri")
+
+              lifecycleScope.launch(Dispatchers.IO) {
+                try {
+                  Libtailscale.setDirectFileRoot(uri.toString())
+                  saveFileDirectory(uri)
+                } catch (e: Exception) {
+                  TSLog.e("MainActivity", "Failed to set Taildrop root: $e")
+                }
+              }
+            } else {
+              TSLog.d(
+                  "MainActivity",
+                  "Write access not granted for $uri. Falling back to internal storage.")
+              // Don't save directory URI and fall back to internal storage.
+                }
+          } else {
+            TSLog.d(
+                "MainActivity", "Taildrop directory not saved. Will fall back to internal storage.")
+
+            // Fall back to internal storage.
+          }
+        }
+
+    viewModel.setDirectoryPickerLauncher(directoryPickerLauncher)
+
     setContent {
       navController = rememberNavController()
 
@@ -366,19 +418,37 @@ class MainActivity : ComponentActivity() {
       if (this::navController.isInitialized) {
         val previousEntry = navController.previousBackStackEntry
         TSLog.d("MainActivity", "onNewIntent: previousBackStackEntry = $previousEntry")
+        if (this::navController.isInitialized) {
+          val previousEntry = navController.previousBackStackEntry
+          TSLog.d("MainActivity", "onNewIntent: previousBackStackEntry = $previousEntry")
 
-        if (previousEntry != null) {
-          navController.popBackStack(route = "main", inclusive = false)
-        } else {
-          TSLog.e(
-              "MainActivity",
-              "onNewIntent: No previous back stack entry, navigating directly to 'main'")
-          navController.navigate("main") { popUpTo("main") { inclusive = true } }
+          if (previousEntry != null) {
+            navController.popBackStack(route = "main", inclusive = false)
+          } else {
+            TSLog.e(
+                "MainActivity",
+                "onNewIntent: No previous back stack entry, navigating directly to 'main'")
+            navController.navigate("main") { popUpTo("main") { inclusive = true } }
+          }
         }
       }
     }
   }
 
+  @Throws(IOException::class, GeneralSecurityException::class)
+  fun saveFileDirectory(directoryUri: Uri) {
+    val prefs = App.get().getEncryptedPrefs()
+    prefs.edit().putString(PREF_KEY_SAF_URI, directoryUri.toString()).apply()
+    try {
+      // Must restart Tailscale because a new LocalBackend with the new directory must be created.
+      App.get().startLibtailscale(directoryUri.toString())
+    } catch (e: Exception) {
+      TSLog.d(
+          "MainActivity",
+          "saveFileDirectory: Failed to restart Libtailscale with the new directory: $e")
+    }
+  }
+
   private fun login(urlString: String) {
     // Launch coroutine to listen for state changes. When the user completes login, relaunch
     // MainActivity to bring the app back to focus.

android/src/main/java/com/tailscale/ipn/ui/util/OutputStreamAdapter.kt

@@ -0,0 +1,26 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package com.tailscale.ipn.ui.util
+
+import com.tailscale.ipn.util.TSLog
+import java.io.OutputStream
+
+// This class adapts a Java OutputStream to the libtailscale.OutputStream interface.
+class OutputStreamAdapter(private val outputStream: OutputStream) : libtailscale.OutputStream {
+  // writes data to the outputStream in its entirety. Returns -1 on error.
+  override fun write(data: ByteArray): Long {
+    return try {
+      outputStream.write(data)
+      outputStream.flush()
+      data.size.toLong()
+    } catch (e: Exception) {
+      TSLog.d("OutputStreamAdapter", "write exception: $e")
+      -1L
+    }
+  }
+
+  override fun close() {
+    outputStream.close()
+  }
+}

android/src/main/java/com/tailscale/ipn/ui/view/MainView.kt

@@ -97,6 +97,7 @@ import com.tailscale.ipn.ui.theme.short
 import com.tailscale.ipn.ui.theme.surfaceContainerListItem
 import com.tailscale.ipn.ui.theme.warningButton
 import com.tailscale.ipn.ui.theme.warningListItem
+import com.tailscale.ipn.ui.util.AndroidTVUtil
 import com.tailscale.ipn.ui.util.AndroidTVUtil.isAndroidTV
 import com.tailscale.ipn.ui.util.AutoResizingText
 import com.tailscale.ipn.ui.util.Lists
@@ -212,6 +213,11 @@ fun MainView(
                 PromptPermissionsIfNecessary()
                 viewModel.maybeRequestVpnPermission()
                 LaunchVpnPermissionIfNeeded(viewModel)
+                LaunchedEffect(state) {
+                  if (state == Ipn.State.Running && !AndroidTVUtil.isAndroidTV()) {
+                    viewModel.showDirectoryPickerLauncher()
+                  }
+                }
 
                 if (showKeyExpiry) {
                   ExpiryNotification(netmap = netmap, action = { viewModel.login() })
@@ -242,7 +248,9 @@ fun MainView(
                     { viewModel.login() },
                     loginAtUrl,
                     netmap?.SelfNode,
-                    { viewModel.showVPNPermissionLauncherIfUnauthorized() })
+                    {
+                      viewModel.showVPNPermissionLauncherIfUnauthorized()
+                    })
               }
             }
           }
@@ -433,11 +441,11 @@ fun ConnectView(
     loginAction: () -> Unit,
     loginAtUrlAction: (String) -> Unit,
     selfNode: Tailcfg.Node?,
-    showVPNPermissionLauncherIfUnauthorized: () -> Unit
+    showVPNPermissionLauncher: () -> Unit
 ) {
   LaunchedEffect(isPrepared) {
     if (!isPrepared && shouldStartAutomatically) {
-      showVPNPermissionLauncherIfUnauthorized()
+      showVPNPermissionLauncher()
     }
   }
   Row(horizontalArrangement = Arrangement.Center, modifier = Modifier.fillMaxWidth()) {

android/src/main/java/com/tailscale/ipn/ui/viewModel/MainViewModel.kt

@@ -4,13 +4,15 @@
 package com.tailscale.ipn.ui.viewModel
 
 import android.content.Intent
+import android.net.Uri
 import android.net.VpnService
 import androidx.activity.result.ActivityResultLauncher
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.setValue
 import androidx.compose.ui.platform.ClipboardManager
 import androidx.compose.ui.text.AnnotatedString
+import androidx.documentfile.provider.DocumentFile
 import androidx.lifecycle.ViewModel
 import androidx.lifecycle.ViewModelProvider
 import androidx.lifecycle.viewModelScope
@@ -25,6 +27,7 @@ import com.tailscale.ipn.ui.util.PeerCategorizer
 import com.tailscale.ipn.ui.util.PeerSet
 import com.tailscale.ipn.ui.util.TimeUtil
 import com.tailscale.ipn.ui.util.set
+import com.tailscale.ipn.util.TSLog
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.FlowPreview
 import kotlinx.coroutines.Job
@@ -63,6 +66,9 @@ class MainViewModel(private val vpnViewModel: VpnViewModel) : IpnViewModel() {
   private val _requestVpnPermission = MutableStateFlow(false)
   val requestVpnPermission: StateFlow<Boolean> = _requestVpnPermission
 
+  // Select Taildrop directory
+  private var directoryPickerLauncher: ActivityResultLauncher<Uri?>? = null
+
   // The list of peers
   private val _peers = MutableStateFlow<List<PeerSet>>(emptyList())
   val peers: StateFlow<List<PeerSet>> = _peers
@@ -204,13 +210,34 @@ class MainViewModel(private val vpnViewModel: VpnViewModel) : IpnViewModel() {
     _requestVpnPermission.value = false // reset
   }
 
+  fun showDirectoryPickerLauncher() {
+    val app = App.get()
+    val storedUri = app.getStoredDirectoryUri()
+    if (storedUri == null) {
+      // No stored URI, so launch the directory picker.
+      directoryPickerLauncher?.launch(null)
+      return
+    }
+
+    val documentFile = DocumentFile.fromTreeUri(app, storedUri)
+    if (documentFile == null || !documentFile.exists() || !documentFile.canWrite()) {
+      TSLog.d(
+          "MainViewModel",
+          "Stored directory URI is invalid or inaccessible; launching directory picker.")
+      directoryPickerLauncher?.launch(null)
+    } else {
+      TSLog.d("MainViewModel", "Using stored directory URI: $storedUri")
+    }
+  }
+
   fun toggleVpn(desiredState: Boolean) {
     if (isToggleInProgress.value) {
       // Prevent toggling while a previous toggle is in progress
       return
     }
 
     viewModelScope.launch {
+      showDirectoryPickerLauncher()
       isToggleInProgress.value = true
       try {
         val currentState = Notifier.state.value
@@ -250,6 +277,10 @@ class MainViewModel(private val vpnViewModel: VpnViewModel) : IpnViewModel() {
     // No intent means we're already authorized
     vpnPermissionLauncher = launcher
   }
+
+  fun setDirectoryPickerLauncher(launcher: ActivityResultLauncher<Uri?>) {
+    directoryPickerLauncher = launcher
+  }
 }
 
 private fun userStringRes(currentState: State?, previousState: State?, vpnActive: Boolean): Int {